diff options
| -rw-r--r-- | boot.php | 10 | ||||
| -rw-r--r-- | include/attach.php | 68 | ||||
| -rw-r--r-- | install/database.sql | 7 | ||||
| -rw-r--r-- | install/update.php | 8 | ||||
| -rw-r--r-- | mod/wall_attach.php | 4 | ||||
| -rw-r--r-- | version.inc | 2 |
6 files changed, 92 insertions, 7 deletions
@@ -16,7 +16,7 @@ require_once('include/features.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica Red'); define ( 'FRIENDICA_VERSION', trim(file_get_contents('version.inc')) . 'R'); define ( 'ZOT_REVISION', 1 ); -define ( 'DB_UPDATE_VERSION', 1022 ); +define ( 'DB_UPDATE_VERSION', 1023 ); define ( 'EOL', '<br />' . "\r\n" ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); @@ -2032,6 +2032,14 @@ function dba_timer() { return microtime(true); } +function get_observer_hash() { + $observer = get_app()->get_observer(); + if(is_array($observer)) + return $observer['xchan_hash']; + return ''; +} + + /** * Returns the complete URL of the current page, e.g.: http(s)://something.com/network * diff --git a/include/attach.php b/include/attach.php index 6d611cec0..61514bb51 100644 --- a/include/attach.php +++ b/include/attach.php @@ -81,3 +81,71 @@ function z_mime_content_type($filename) { } } + + +function attach_count_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '') { + + $ret = array('success' => false); + + if(! perm_is_allowed($channel_id,$observer, 'read_storage')) { + $ret['message'] = t('Permission denied.'); + return $ret; + } + + require_once('include/security.php'); + $sql_extra = permissions_sql($channel_id); + + if($hash) + $sql_extra .= protect_sprintf(" and hash = '" . dbesc($hash) . "' "); + + if($filename) + $sql_extra .= protect_sprintf(" and filename like '@" . dbesc($filename) . "@' "); + + if($filetype) + $sql_extra .= protect_sprintf(" and filetype like '@" . dbesc($filetype) . "@' "); + + $r = q("select id from attach where channel_id = %d $sql_extra", + intval($channel_id) + ); + + $ret['success'] = ((is_array($r)) ? true : false); + $ret['results'] = ((is_array($r)) ? count($r) : false); + return $ret; + +} + +function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '', $orderby = 'created desc', $start = 0, $entries = 0) { + + $ret = array('success' => false); + + if(! perm_is_allowed($channel_id,$observer, 'read_storage')) { + $ret['message'] = t('Permission denied.'); + return $ret; + } + + require_once('include/security.php'); + $sql_extra = permissions_sql($channel_id); + + if($hash) + $sql_extra .= protect_sprintf(" and hash = '" . dbesc($hash) . "' "); + + if($filename) + $sql_extra .= protect_sprintf(" and filename like '@" . dbesc($filename) . "@' "); + + if($filetype) + $sql_extra .= protect_sprintf(" and filetype like '@" . dbesc($filetype) . "@' "); + + if($entries) + $limit = " limit " . intval($start) . ", " . intval(entries) . " "; + + // Retrieve all columns except 'data' + + $r = q("select id, aid, uid, hash, filename, filetype, filesize, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where channel_id = %d $sql_extra $orderby $limit", + intval($channel_id) + ); + + $ret['success'] = ((is_array($r)) ? true : false); + $ret['results'] = ((is_array($r)) ? $r : false); + return $ret; + +} diff --git a/install/database.sql b/install/database.sql index aee87c119..ba063bfa4 100644 --- a/install/database.sql +++ b/install/database.sql @@ -94,7 +94,12 @@ CREATE TABLE IF NOT EXISTS `attach` ( PRIMARY KEY (`id`), KEY `aid` (`aid`), KEY `uid` (`uid`), - KEY `hash` (`hash`) + KEY `hash` (`hash`), + KEY `filename` (`filename`), + KEY `filetype` (`filetype`), + KEY `filesize` (`filesize`), + KEY `created` (`created`), + KEY `edited` (`edited`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; CREATE TABLE IF NOT EXISTS `auth_codes` ( diff --git a/install/update.php b/install/update.php index 41c6a7565..b0eed4818 100644 --- a/install/update.php +++ b/install/update.php @@ -1,6 +1,6 @@ <?php -define( 'UPDATE_VERSION' , 1022 ); +define( 'UPDATE_VERSION' , 1023 ); /** * @@ -303,3 +303,9 @@ function update_r1021() { return UPDATE_FAILED; } +function update_r1022() { + $r = q("alter table attach add index ( filename ), add index ( filetype ), add index ( filesize ), add index ( created ), add index ( edited ) "); + if($r) + return UPDATE_SUCCESS; + return UPDATE_FAILED; +} diff --git a/mod/wall_attach.php b/mod/wall_attach.php index 865605313..8b8a6ddaa 100644 --- a/mod/wall_attach.php +++ b/mod/wall_attach.php @@ -29,9 +29,7 @@ function wall_attach_post(&$a) { $page_owner_uid = $channel['channel_id']; - $observer = $a->get_observer(); - - if(! perm_is_allowed($page_owner_uid,$observer['xchan_hash'],'write_storage')) { + if(! perm_is_allowed($page_owner_uid,get_observer_hash(),'write_storage')) { notice( t('Permission denied.') . EOL); killme(); } diff --git a/version.inc b/version.inc index 127eebfe8..d9f88242f 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2013-01-29.215 +2013-01-30.216 |